From: Fiona Ebner <f.ebner@proxmox.com>
To: "Proxmox VE development discussion" <pve-devel@lists.proxmox.com>,
"Fabian Grünbichler" <f.gruenbichler@proxmox.com>
Subject: [pve-devel] applied: [PATCH docs] fix #5665: add note about short-lived cert renewal
Date: Fri, 8 Nov 2024 11:36:21 +0100 [thread overview]
Message-ID: <ff012adb-e78c-4b47-94bf-aeb782ffd8a5@proxmox.com> (raw)
In-Reply-To: <20240909123950.1407242-1-f.gruenbichler@proxmox.com>
Am 09.09.24 um 14:39 schrieb Fabian Grünbichler:
> not that obvious behaviour on the systemd side, and missing cert renewal can
> have wide-reaching consequences.
>
> Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
> ---
> certificate-management.adoc | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/certificate-management.adoc b/certificate-management.adoc
> index 71c6d71..3bb9bb9 100644
> --- a/certificate-management.adoc
> +++ b/certificate-management.adoc
> @@ -223,6 +223,9 @@ If a node has been successfully configured with an ACME-provided certificate
> renewed by the `pve-daily-update.service`. Currently, renewal will be attempted
> if the certificate has expired already, or will expire in the next 30 days.
>
> +NOTE: If you are using a custom directory that issues short-lived certificates,
> +disabling the random delay for the `pve-daily-update.timer` unit might be
> +advisable to avoid missing a certificate renewal after a reboot.
>
> ACME Examples with `pvenode`
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
applied, thanks!
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
prev parent reply other threads:[~2024-11-08 10:36 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-09-09 12:39 [pve-devel] " Fabian Grünbichler
2024-11-08 10:36 ` Fiona Ebner [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ff012adb-e78c-4b47-94bf-aeb782ffd8a5@proxmox.com \
--to=f.ebner@proxmox.com \
--cc=f.gruenbichler@proxmox.com \
--cc=pve-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.
Service provided by Proxmox Server Solutions GmbH | Privacy | Legal